What is DNS and How Does It Work?

The Domain Name System (DNS) is the address book of the internet. It translates the domain names people type — like example.com — into the numeric IP addresses computers use to reach each other. Almost everything online begins with a DNS lookup, which is exactly why an unexpected DNS change can take a website or email offline in seconds.

What is DNS?

The Domain Name System (DNS) is a global, distributed directory that maps domain names to IP addresses. Computers route traffic using IP addresses like 93.184.216.34, but those are hard for people to remember — so DNS lets you use a name like example.com instead and looks up the matching address on demand.

DNS is hierarchical and decentralized. No single server holds every record; instead, responsibility is delegated down a tree — from the root, to top-level domains (like .com), to the authoritative nameservers that hold the records for an individual domain.

The DNS lookup process, step by step

When you open a website, a DNS resolution happens before any content loads:

  1. Recursive resolver — your device asks a resolver (usually run by your ISP or a public provider like 1.1.1.1 or 8.8.8.8). If it has a fresh answer cached, it returns it immediately.
  2. Root nameservers — if the answer is not cached, the resolver asks a root server, which points it to the right top-level domain (TLD) servers.
  3. TLD nameservers — the .com (or .org, .io, and so on) servers point the resolver to the domain's authoritative nameservers.
  4. Authoritative nameservers — these hold the actual records for the domain and return the answer, such as the A record's IP address.
  5. Response and cache — the resolver returns the address to your device and caches it for the length of the record's TTL so the next lookup is faster.

This whole exchange usually completes in a fraction of a second, and most of the time it is served straight from cache.

Key components of DNS

  • Resolver — the recursive service that does the legwork of finding an answer on your behalf.
  • Nameserver — a server that stores DNS records. The authoritative nameservers for a domain are the source of truth for its records.
  • Zone — the complete set of DNS records for a domain.
  • Record — an individual entry such as an A, CNAME, or MX record.
  • TTL — time to live, the number of seconds a resolver may cache a record before checking again.

Common DNS record types

A domain's behaviour is defined by its records. The ones you will meet most often are:

See the full list of DNS record types for the rest.

Why DNS matters for security and uptime

Because every connection starts with DNS, a single wrong or malicious record change can redirect your website, intercept your email, or invalidate your TLS certificates. Changes can also take time to reach everyone — see DNS propagation — which makes mistakes slow to fully roll back.

That is the problem ZoneWatcher solves: it watches your DNS records around the clock and alerts you the moment anything changes, so you hear about it from us rather than from upset customers. For hardening guidance, see DNS security best practices.
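
The kind of record change described above can be caught by comparing a trusted baseline of a zone's records with what is being served now. The sketch below is an added example, not ZoneWatcher's code; the record data is constructed, and the function names and impact labels are assumptions of this example.

```python
# Impact labels follow the risks named in the text; the mapping is this example's assumption.
IMPACT = {
    "A": "website traffic can be redirected",
    "CNAME": "website traffic can be redirected",
    "NS": "the whole zone can be re-delegated",
    "MX": "email can be intercepted",
    "CAA": "TLS certificate issuance is affected",
}
HOSTNAME_TYPES = {"CNAME", "MX", "NS"}  # values that are case-insensitive host names

def index(records):
    """Group (name, type, ttl, value) tuples into {(name, type): set of values}."""
    out = {}
    for name, rtype, _ttl, value in records:  # a TTL-only change is not reported
        rtype = rtype.upper()
        value = value.lower().rstrip(".") if rtype in HOSTNAME_TYPES else value
        out.setdefault((name.lower().rstrip("."), rtype), set()).add(value)
    return out

def diff_zone(baseline, current):
    """Return findings for record sets that were added, removed or changed."""
    old, new = index(baseline), index(current)
    findings = []
    for key in sorted(old.keys() | new.keys()):
        before, after = old.get(key, set()), new.get(key, set())
        if before == after:
            continue  # same set of values, regardless of order or spelling
        kind = "added" if not before else "removed" if not after else "changed"
        findings.append({"name": key[0], "type": key[1], "kind": kind, "before": sorted(before),
                         "after": sorted(after), "impact": IMPACT.get(key[1], "review manually")})
    return findings

# Constructed sample data using documentation address ranges, not real observations.
BASELINE = [
    ("example.com.", "A", 300, "192.0.2.10"),
    ("example.com.", "MX", 3600, "mail.example.com."),
    ("example.com.", "NS", 86400, "ns1.example.net."),
    ("example.com.", "NS", 86400, "ns2.example.net."),
]
CURRENT = [
    ("example.com", "a", 60, "198.51.100.7"),            # A record repointed
    ("EXAMPLE.com.", "MX", 3600, "mail.example.com"),    # same value, different spelling
    ("example.com.", "NS", 86400, "ns2.example.net."),   # same set, different order
    ("example.com.", "NS", 86400, "ns1.example.net."),
    ("www.example.com.", "CNAME", 300, "example.com."),  # new record
]

for f in diff_zone(BASELINE, CURRENT):
    print(f"{f['kind']:8} {f['name']} {f['type']}: {f['before']} -> {f['after']} ({f['impact']})")
```

Comparing record sets rather than raw lines keeps reordered nameservers and trailing-dot differences from raising false alerts, while a repointed A record or a new CNAME is still reported.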
